On September 17, 2024, VMware issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation. The vulnerabilities—CVE-2024-38812 and CVE-2024-38813—could allow attackers to execute remote code and escalate privileges. VMware has released updates to mitigate these threats, urging users to apply the patches immediately.
Impacted Products
The vulnerabilities affect the following products:
- VMware vCenter Server (versions 8.0, 7.0)
- VMware Cloud Foundation (versions 5.x, 4.x)
Vulnerabilities Overview
1. CVE-2024-38812: Heap-Overflow Vulnerability in vCenter Server
- Description: A critical heap-overflow vulnerability in the DCERPC protocol implementation could allow remote attackers to execute arbitrary code by sending specially crafted network packets.
- Severity: Critical with a CVSSv3 score of 9.8.
- Attack Vector: An attacker with network access to the vCenter Server could exploit this vulnerability for remote code execution.
- Resolution: Apply the updates listed in the response matrix below.
2. CVE-2024-38813: Privilege Escalation Vulnerability in vCenter Server
- Description: A privilege escalation vulnerability allows attackers to gain root access by sending a specially crafted network packet.
- Severity: Important with a CVSSv3 score of 7.5.
- Attack Vector: This vulnerability can be exploited by a malicious actor with network access to vCenter Server.
- Resolution: Apply the updates listed in the response matrix below; there is no in-product workaround.
Fixes and Patching Guidance
VMware has provided the following updates to address these vulnerabilities:
- VMware vCenter Server 8.0 U3b
- VMware vCenter Server 7.0 U3s
- VMware Cloud Foundation 5.x/4.x: An asynchronous patch is available, detailed in KB article 88287.
Response Matrix
| Product | Version | CVE | CVSSv3 Score | Severity | Fixed Version | Workarounds |
|---|---|---|---|---|---|---|
| VMware vCenter Server | 8.0 | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | 8.0 U3b | None |
| VMware vCenter Server | 7.0 | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | 7.0 U3s | None |
| VMware Cloud Foundation | 5.x | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | Async Patch (8.0) | None |
| VMware Cloud Foundation | 4.x | CVE-2024-38812, CVE-2024-38813 | 9.8, 7.5 | Critical | Async Patch (7.0) | None |
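The following triage helper is an added example, not part of the advisory or of any VMware tooling: it applies the response matrix above to an inventory of appliances and reports which ones still need the fixed update. The inventory rows are constructed, and two assumptions are built in: VMware update levels order as GA < U3 < U3a < U3b (so the letter suffix is compared alphabetically), and a Cloud Foundation 5.x/4.x instance is judged by the vCenter 8.0/7.0 update level it runs, per the async-patch rows.

```python
import re

# Fixed update levels from the VMSA-2024-0019 response matrix: 8.0 U3b, 7.0 U3s.
FIXED_UPDATE = {"8.0": (3, "b"), "7.0": (3, "s")}
# Assumption: VCF 5.x carries a vCenter 8.0 appliance, VCF 4.x a 7.0 one (async patch rows).
VCF_TO_VCENTER = {"5": "8.0", "4": "7.0"}

_UPDATE_RE = re.compile(r"^U(\d+)([a-z]?)$")


def parse_update(level):
    """'U3b' -> (3, 'b'); 'U3' -> (3, ''); GA with no update -> (0, '')."""
    if not level:
        return (0, "")
    m = _UPDATE_RE.match(level.strip())
    if not m:
        raise ValueError(f"unrecognised update level: {level!r}")
    return (int(m.group(1)), m.group(2))


def assess(product, version, update):
    """Return 'fixed', 'vulnerable' or 'unknown' (not covered by the matrix)."""
    if product == "vCenter Server":
        fixed = FIXED_UPDATE.get(version)
    elif product == "Cloud Foundation":
        vc = VCF_TO_VCENTER.get(version.split(".")[0])
        fixed = FIXED_UPDATE.get(vc) if vc else None
    else:
        fixed = None
    if fixed is None:
        return "unknown"
    # Tuple comparison: update number first, then letter suffix ('' sorts before 'a').
    return "fixed" if parse_update(update) >= fixed else "vulnerable"


# Constructed sample inventory (hostnames and levels are invented for illustration).
INVENTORY = [
    {"name": "vcsa-prod-01", "product": "vCenter Server", "version": "8.0", "update": "U3a"},
    {"name": "vcsa-prod-02", "product": "vCenter Server", "version": "8.0", "update": "U3b"},
    {"name": "vcsa-lab-01", "product": "vCenter Server", "version": "7.0", "update": "U3r"},
    {"name": "vcf-mgmt-01", "product": "Cloud Foundation", "version": "5.2", "update": "U3b"},
    {"name": "vcsa-old-01", "product": "vCenter Server", "version": "6.7", "update": "U3"},
]


def triage(inventory):
    """Map each appliance name to its status so the vulnerable ones can be scheduled first."""
    return {item["name"]: assess(item["product"], item["version"], item["update"]) for item in inventory}


if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name:14} {status}")
```

An "unknown" result (here the 6.7 appliance) means the advisory's matrix says nothing about that version, so it needs a separate check rather than being assumed safe.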
Additional Documentation
VMware has published a supplemental FAQ with more detailed guidance on these vulnerabilities.
Security Recommendations
Given the critical nature of CVE-2024-38812 and CVE-2024-38813, VMware strongly recommends that affected users apply the provided patches without delay. No in-product workarounds are available, so applying the updates is the only way to maintain the security and integrity of your VMware vCenter deployments.
For further details, see VMware's official documentation and security blog.
For queries, please contact VMware via email at vmware.psirt@broadcom.com.